<?php
	require_once('admin_include.php');
	$action = Utilities::GetAction();
	
	if(!User::Permission('pages')) {
		HTML::ErrorPage('Incorrect permissions', 'You do not have the permission to view this area.');
	}
	
	if($action == 'view') {
		HTML::Header('Pages');
		
		$pages = Page::GetAllPages(true);
?>
<h2>Pages</h2>
<?php
	switch($_REQUEST['msg']) {
		case 'page_saved':
?>
<div class="admin-info-msg">
	The page was saved.
</div>
<?php
			break;
		case 'page_deleted':
?>
<div class="admin-info-msg">
	The page was deleted.
</div>
<?php
			break;
		default:
			break;
	}
?>
<ul class="admin-sections">
	<li>
		<h3><a href="pages.php?action=add"><img src="icons/page_add.png" /> Add a Page</a></h3>
	</li>
</ul>
<br />
<ul class="admin-list">
<?php
		foreach($pages as $page) {
			$author = false;
			try {
				$author = User::GetInfoById($page['userid']);
			}
			catch(UserNotFoundException $ex) {
				$author = array(
					'userid' => 0,
					'real_name' => 'Deleted author'
				);
			}
?>
	<li>
		<h3><?php echo $page['title']; ?></h3>
		<span>
			<?php
				if(User::Permission('edit_not_own') || (!User::Permission('edit_not_own') && $page['userid'] == User::Info('userid'))) {
			?>
			<a href="../page.php?id=<?php echo $page['pageid']; ?>" title="View page"><img src="icons/view.png" alt="View page" border="0" /></a>
			<a href="pages.php?action=edit&pageid=<?php echo $page['pageid']; ?>" title="Edit page"><img src="icons/edit.png" alt="Edit page" border="0" /></a>
			<a href="javascript:;" onclick="var c = confirm('Are you sure you want to delete this page?'); if(c) { window.location.href='pages.php?action=delete&pageid=<?php echo $page['pageid']; ?>&n=<?php echo substr(User::Info('password'), 16, 10); ?>';}" title="Delete page"><img src="icons/delete.png" alt="Delete page" border="0" /></a>
			<?php
				}
				else {
			?>
			<a href="../page.php?id=<?php echo $page['pageid']; ?>" title="View page"><img src="icons/view.png" alt="View page" /></a>
			<?php
				}
			?>
		</span>
		<h4><?php echo substr(strip_tags($page['content']), 0, 200) . ((strlen($page['content']) < 200) ? '' : ' [...]'); ?></h4>
		<p>
			<?php echo $author['real_name']; ?> - <?php echo date('jS F Y', $page['time']); ?> - <?php if(!$page['show_in_menu']) { echo 'Not shown'; } else { echo 'Shown'; } ?> in menu
		</p>
	</li>
<?php
		}
?>
</ul>
<br />
<?php
		if(count($pages) == 0) {
?>
<p>
	There are no pages on this blog. Why not <a href="pages.php?action=add">add one</a>?
</p>
<?php
		}
		HTML::Footer();
	}
	else if($action == 'delete') {
		if($_REQUEST['n'] != substr(User::Info('password'), 16, 10)) {
			HTML::ErrorPage('Possible cross-site request forgery', 'A possible cross-site request forgery attempt was blocked.');
		}
		$page = false;
		try {
			$page = Page::Get($_REQUEST['pageid']);
		}
		catch(PageNotFoundException $ex) {
			HTML::ErrorPage('Page does not exist', 'The page you attempted to delete does not exist.');
		}
		if(!User::Permission('edit_not_own') && $page['userid'] != User::Info('userid')) {
			HTML::ErrorPage('Insufficient permissions', 'You are not allowed to delete this page.');
		}
		$result = Page::Delete($_REQUEST['pageid']);
		if(!$result) {
			HTML::ErrorPage('Page not deleted', 'Your page could not be deleted. Please try again.');
		}
		header('Location: pages.php?msg=page_deleted');
		exit;
	}
	else if($action == 'edit') {
		if($_SERVER['REQUEST_METHOD'] == 'POST') {
			$pageid = $_POST['pageid'];
			$page = false;
			try {
				$page = Page::Get($_REQUEST['pageid']);
			}
			catch(PageNotFoundException $ex) {
				HTML::ErrorPage('Page does not exist', 'The page you attempted to delete does not exist.');
			}
			if(!User::Permission('edit_not_own') && $page['userid'] != User::Info('userid')) {
				HTML::ErrorPage('Insufficient permissions', 'You are not allowed to delete this page.');
			}
			$title = $_POST['title'];
			$content = $_POST['page_content'];
			$show_in_menu = (isset($_POST['show_in_menu']) ? true : false);
			if(empty($pageid) || empty($title) || empty($content)) {
				HTML::ErrorPage('You need to fill out all the fields', 'You need to fill out all the fields.');
			}
			$result = Page::Modify($pageid, $title, $content, $show_in_menu);
			if(!$result) {
				HTML::ErrorPage('Page not saved', 'Your page could not be saved. Please try again.');
			}
			header('Location: pages.php?msg=page_saved');
			exit;
		}
		else {
			$page = false;
			try {
				$page = Page::Get($_REQUEST['pageid']);
			}
			catch(PageNotFoundException $ex) {
				HTML::ErrorPage('Page does not exist', 'The page you attempted to delete does not exist.');
			}
			if(!User::Permission('edit_not_own') && $page['userid'] != User::Info('userid')) {
				HTML::ErrorPage('Insufficient permissions', 'You are not allowed to delete this page.');
			}
			HTML::Header('Edit Page', YUI_EDITOR_FILES, YUI_EDITOR_EXTRA_BODY);
?>
<h2>Edit Page</h2>
<form action="pages.php" method="post" class="nice-form" id="editor-form">
	<input type="hidden" name="action" value="edit" />
	<input type="hidden" name="pageid" value="<?php echo $page['pageid']; ?>" />
	<ul>
		<li>
			<label for="title">Title</label>
			<input type="text" name="title" value="<?php echo $page['title']; ?>" />
		</li>
		<li>
			<label for="page_content">Page Content</label>
			<textarea name="page_content" id="page_content"><?php echo $page['content']; ?></textarea>
			<?php
				echo yui_editor_script('page_content');
			?>
		</li>
		<li>
			<label for="show_in_menu">Show in Menu</label>
			<input type="checkbox" name="show_in_menu" class="checkbox"<?php if($page['show_in_menu']) {?> checked="checked"<?php } ?> />
		</li>
	</ul>
	<input type="submit" value="Save" />
</form>
<?php
			HTML::Footer();
		}
	}
	else if($action == 'add') {
		if($_SERVER['REQUEST_METHOD'] == 'POST') {
			$title = htmlentities($_POST['title']);
			$content = $_POST['page_content'];
			$show_in_menu = (isset($_POST['show_in_menu']));
			if(empty($title) || empty($content)) {
				HTML::ErrorPage('You need to fill out all the fields', 'You need to fill out all the fields.');
			}
			$result = Page::Add($title, $content, $show_in_menu);
			if(!$result) {
				HTML::ErrorPage('Page not saved', 'Your page was not saved. Please try again.');
			}
			header('Location: pages.php?msg=page_saved');
			exit;
		}
		else {
			HTML::Header('Add Page', YUI_EDITOR_FILES, YUI_EDITOR_EXTRA_BODY);
?>
<h2>Add Page</h2>
<form action="pages.php" method="post" class="nice-form" id="editor-form">
	<input type="hidden" name="action" value="add" />
	<ul>
		<li>
			<label for="title">Title</label>
			<input type="text" name="title" />
		</li>
		<li>
			<label for="page_content">Page Content</label>
			<textarea name="page_content" id="page_content"></textarea>
			<?php
				echo yui_editor_script('page_content');
			?>
		</li>
		<li>
			<label for="show_in_menu">Show in Menu</label>
			<input type="checkbox" name="show_in_menu" class="checkbox" checked="checked" />
		</li>
	</ul>
	<input type="submit" value="Add" />
</form>
<?php
			HTML::Footer();
		}
	}
	
	
?>